Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Possible Trojan Downloader.XS [RESOLVED]

~Mix

Posted 02 July 2008 - 07:35 PM

~Mix

Member

Member

77 posts

I Think I Have A Trojandownloader.XS. I Have Gotten A Trojandownloader.XS Before, But On A Different Computer(I Got Help From The Member HarryTHook From This Website). Currently I Restored My Background, Got Back My Windows Task Manager, I Am Not Getting Any Popups Anymore. I Tried Restoring My Computer, But It Stated That It Could Not Restore. I Have Been Scanning With Spybot And AVG8.0 Free.I Believe That I Got It Through A Program Called "E-Book" We Never Install This, But It Appeared On The Desktop. Or The Instant Messenger AIM6.0 Or Yahoo Messenger.(I Am Using Firefox Instead Of Internet Explorer)

Event Record #/Type17716 / Error
Event Submitted/Written: 07/02/2008 09:12:35 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.100,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

kahdah

Posted 03 July 2008 - 02:43 AM

kahdah

GeekU Teacher

Retired Staff

15,822 posts

Please visit this web page for instructions for downloading and running Combofix >ComboFix InstructionsWe now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

I Had A Little Trouble With The Program "GuardDog" 'Cause I Do Not Know The Password For It (It's A Parental Control Program). Also I Am Confused About What To Allow And What Not To Allow On The Resident Shield In Spybot.

kahdah

Posted 03 July 2008 - 06:19 PM

kahdah

GeekU Teacher

Retired Staff

15,822 posts

Can you uninstall the Guard Dog program?If so and you don't need it then please do so.==============================Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

When I Loaded Up The Daft Scan There Were No Options I Could Choose From Even After Pressing Scan And When I Pressed Scan And The "All Associations Are OK" Thing Popped Up.Currently My Computer Is Not Displaying Anything (Tool Bar/ Desktop Icons). To Get Anything To Start I Needed To Bring Up The Task Manager And Run A Task From There... I Think Guard Dog May Be Causing This Because I Went On The Internet Before Doing The Scan And The Computer Was Like This And Guard Dog Came Up And I Told It Not To Load And Everything Loaded. Right Now I'm Afraid That I Will Mess Up The COMBOFix Scan.. Also The Spybot Scanner Doesn't Seem To Be Fully Scanning The Computer. At The Bottom Of The Screen It States It Is Scanning Internet Explorer And Firefox. Also My AVG8.0 Free Program Has Turned Off The Resident Shield.Edit: I Typed In "Explorer.exe" Into The Tasks, But COMBOFix Failed To Make A Complete Log...

Advertisements

kahdah

Posted 04 July 2008 - 09:09 PM

kahdah

GeekU Teacher

Retired Staff

15,822 posts

Can't you uninstall the GuardDog program if you are able to then please do so.===============To get your items back open the Task Manager and go to File then Run then type in Explorer then hit ok.That will bring back what you couldn't get to show up.==================================After that please re-open Hijackthis and click on "Do a system scan only"Then place a check mark next to these entries below:

Now click on Fix Checked and then close Hijackthis.===================================Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.